[dojo-contributors] "core dojo", packaging, and the build system
smagi at naasking.homeip.net
Thu Apr 6 07:41:51 EDT 2006
Alex Russell wrote:
> No, just that a system of "trusted" distribution sites is not uncommon
> in the software world (take, for instance, CPAN).
Sure, and the gentoo ebuild system. Difference is, these distribution
systems provide checksum verification against an authoritative source to
> Folks who have
> security considerations can do something different if need be, but
> trying to build out a web of trust in a browser environment is
> more-or-less untenable w/o coarse-grained trust relationships.
I agree it's probably not worth the time. But since everyone seems to be
set on going ahead with "CJAN", I just thought I'd point out the
security problems and suggest a solution.
I believe some, perhaps many, naive developers/users will make the
mistake of leaving the references to CJAN in their deployed apps.
This is a phisher's wet dream. If script download is over unencrypted
channels, they don't even need to subvert a host, they can just mount a
man-in-the-middle attack and return an arbitrary replacement script.
> Hashing in the browser is also tremendously slow. We don't have many
> good options right now, so we work with what we've got. This is the
> life of a web developer.
I would recommend that streamlining builds and providing a clear,
concise document for this procedure would be a better use of resources.
Perhaps an online build form even? The developer/user must necessarily
trust the server with which he is communicating, so custom builds are
always the way to go.
I believe HTTP keep-alive and browser-side script caching will make the
above faster, and definitely safer, than distributed load-balancing.